Intrusion Detection Using Few-shot Learning Based on Triplet Graph Convolutional Network

Authors

  • Yue Wang PLA Information University, Zhengzhou, 450000, China https://orcid.org/0000-0002-5741-498X
  • Yiming Jiang PLA Information University, Zhengzhou, 450000, China
  • Julong Lan PLA Information University, Zhengzhou, 450000, China

DOI:

https://doi.org/10.13052/jwe1540-9589.2059

Abstract

Machine learning and deep learning methods have been widely used in network intrusion detection, most of which are supervised intrusion detection methods, which need to train a lot of marked data. However, in some cases, a small amount of exception data is hidden in a large amount of exception data, making methods that require a large amount of the same markup data to learn features invalid. In order to solve this problem, this paper proposes an innovative method of small sample network intrusion detection. The innovation point is that network data is modeled as graph structure to effectively mine the correlation features between data samples, and by comparing the distance similarity, the triplet network structure is used to detect anomalies. The triplet network is composed of triplet graph convolutional neural network which shares the same parameters and is trained by providing triplet samples to the network. Experiments on network traffic datasets CSE-CIC-IDS2018 and UNSW-NB15 as well as system status monitoring datasets verify the effectiveness of the proposed method in network intrusion detection of small samples.

Downloads

Download data is not yet available.

Author Biographies

Yue Wang, PLA Information University, Zhengzhou, 450000, China

Yue Wang received the bachelor’s degree from the School of Computer Science, Sichuan University, Chengdu, China, in 2018. She is currently pursuing the master’s degree with PLA Information University, Zhengzhou, China. Her research interests include new network architectures for the next generation Internet and network security

Yiming Jiang, PLA Information University, Zhengzhou, 450000, China

Yiming Jiang received the Ph.D. degree from PLA Information University, Zhengzhou, China in 2014. Currently, he is an assistant researcher in PLA Information University. His research interests include new network architectures for the next generation Internet, network security and cloud computing.

Julong Lan, PLA Information University, Zhengzhou, 450000, China

Julong Lan is a professor and chief engineer in PLA Information University. His research interests include new network architectures for the next generation Internet and network security.

References

T. Hamed, R. Dara, and S. C. Kremer, “Network intrusion detectionsystem based on recursive feature addition and bigram technique,” Computers & Security, vol. 73, pp. 137–155, 2018.

Y. LeCun, Y. Bengio and G. Hinton, “Deep learning,” Nature, vol. 521, pp. 436–444, 2015.

W. Wang, Y. Sheng, J. Wang, X. Zeng, X. Ye et al., “HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection,” IEEE Access, vol. 6, pp. 1792–1806, 2018.

E. Min, J. Long, Q. Liu, J. Cui, and W. Chen, “TR-IDS: Anomalybased intrusion detection through text-convolutional neural network andrandom forest,” Security and Communication Networks, vol. 2018, Article ID. 4943509, 2018.

L. Bilge and T. Dumitraş, “Before we knew it: an empirical study of zero-day attacks in the real world,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, Raleigh North Carolina, USA, pp. 833–844, 2012.

K. Zhao, X. Jin and Y. Wang, “Survey on few-shot learning,” Journal of Software, pp. 225–236, 2020.

Santoro, S. Bartunov, M. Botvinick, D. Wierstra, and T. Lillicrap, “Meta-learning with memory-augmented neural networks,” in Proceedings of the 33rd International Conference on International Conference on Machine Learning, New York, USA, vol. 48, pp. 1842–1850, 2016.

Vinyals, C. Blundell, T. Lillicrap, K. Kavukcuoglu and D. Wierstra, “Matching networks for one shot learning,” in Proceedings of the 30th International Conference on Neural Information Processing Systems, Barcelona, Spain, pp. 3630–3638, 2016.

J. Snell, K. Swersky, and R. Zemel, “Prototypical networks for few-shotlearning,” in NIPS 2017 Proceedings, Long Beach, CA, USA, pp. 4077–4087, 2017.

F. Sung, Y. Yang, L. Zhang, T. Xiang, P. H. Torr et al., “Learning to compare: Relation network for few-shot learning,” in Proc. IEEE/CVF Conference on Computer Vision and Pattern Recognition, Salt Lake City, UT, USA, pp. 1199–1208, 2018.

R. Zhang, T. Che, Z. Ghahramani, Y. Bengio, and Y. Song, “MetaGAN: An adversarial approach to few-shot learning,” in Proceedings of the 32nd International Conference on Neural Information Processing Systems, Montreal, Canada, pp. 2365–2374, 2018.

S. Gurung, M. K. Ghose and A. Subedi, “Deep learning approach on network intrusion detection system using NSL-KDD dataset,” International Journal of Computer Network and Information Security(IJCNIS), vol. 11, no. 3, pp. 8–14, 2019.

M. M. Hassan, A. Gumaei, A. Alsanad, M. Alrubaian, “A hybrid deep learning model for efficient intrusion detection in big data environment,” Information Sciences, vol. 513, pp. 386–396, 2020.

M. Liu, Z. Xue, X. Xu, C. Zhong and J. Chen, “Host-based intrusion detection system with system calls: Review and future trends,” ACM Computing Surveys, vol. 51, no. 5, pp. Article No. 98, 2018.

Z. Zhang, P. Cui and W. Zhu, “Deep learning on graphs: A survey,” IEEE Transactions on Knowledge and Data Engineering, 2020.

N. Shone, T. N. Ngoc, V. D. Phai and Q. Shi, “A deep learning approach to network intrusion detection,” IEEE Transactions on Emerging Topics in Computational Intelligence, vol. 2, no. 1, pp. 41–50, 2018.

J. R. Reuning, “Applying term weight techniques to event log analysis for intrusion detection,” Masters Paper, University of North Carolina at Chapel Hill, USA, 2004.

F. Apap, A. Honig, S. Hershkop, E. Eskin and S. Stolfo, “Detecting malicious software by monitoring anomalous windows registry accesses,” in Wespi A., Vigna G., Deri L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol. 2516. Springer, Berlin, Heidelberg, pp. 36–53, 2002.

Ou, “Host-based intrusion detection systems inspired by machine learning of agent-based artificial immune systems,” in 2019 IEEE International Symposium on INnovations in Intelligent SysTems and Applications (INISTA), Sofia, Bulgaria, pp. 1–5, 2019.

Santoro, S. Bartunov, M. Botvinick, D. Wierstra and T. Lillicrap, “One-shot Learning with Memory-Augmented Neural Networks,” in Proceedings of the 33rd International Conference on International Conference on Machine Learning, New York, USA, pp. 1842–1850, 2016.

T. Munkhdalai and H. Yu, “Meta networks,” in Proceedings of the 34th International Conference on Machine Learning, Sydney, Australia, pp. 2554–2563, 2017.

J. Howard J and S. Ruder, “Universal Language Model Fine-tuning for Text Classification,” in Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), Melbourne, Australia, pp. 328–339, 2018.

Nakamura and T. Harada, “Revisiting fine-tuning for few-shot learning,” ICLR 2020 Conference Withdrawn Submission.A. Nakamura, T. Harada, “Revisiting fine-tuning for few-shot learning,” arXiv preprint arXiv: 1910.00216, 2019.

G. Koch, R. Zemel and R. Salakhutdinov, “Siamese neural networks for one-shot image recognition,” in ICML deep learning workshop, vol. 2, 2015.

Vinyals, C. Blundell, T. Lillicrap, K. Kavukcuoglu and D. Wierstra, “Matching networks for one shot learning,” in Proceedings of the 30th International Conference on Neural Information Processing Systems, Barcelona, Spain, pp. 3630–3638, 2016.

L. B. Jiang, X. L. Zhou, F. W. Jiang and L. Che, “One-shot learning based on improved matching network,” Systems Engineering and Electronics, vol. 41, no. 6, pp. 1210–1217, 2019.

V. G. Satorras and J. B. Estrach, “Few-shot learning with graph neural networks,” in Proc. ICLR, Vancouver, Canada, 2018.

J. Kim, T. Kim, S. Kim and C. D. Yoo, “Edge-labeling graph neural network for few-shot learning,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Long Beach, CA, USA, pp. 11–20, 2019.

S. Gidaris and N. Komodakis, “Generating Classification Weights with GNN Denoising Autoencoders for Few-Shot Learning,” in 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, CA, USA, pp. 21–30, 2019.

J. Jiang, J. Chen, T. Gu, K. K. R. Choo, C. Liu et al., “Anomaly detection with graph convolutional networks for insider threat and fraud detection,” in MILCOM 20+19–2019 IEEE Military Communications Conference (MILCOM), Norfolk, VA, USA, pp. 109–114, 2019.

E. Hoffer and N. Ailon, “Deep metric learning using triplet network,” in Feragen A., Pelillo M., Loog M. (eds) Similarity-Based Pattern Recognition. SIMBAD 2015. Lecture Notes in Computer Science, vol 9370. Springer, Cham, pp. 84–92, 2015.

V. P. Kshirsagar, M. R. Baviskar and M. E. Gaikwad, “Face recognition using Eigenfaces,” in Proc. 2011 3rd International Conference on Computer Research and Development, Shanghai, China, pp. 302–306, 2011.

M. Liu, Z. Xue, X. Xu, C. Zhong and J. Chen, “Host-based intrusion detection system with system calls: review and future trends,” ACM Computing Surveys (CSUR), vol. 51, no. 5, Article No. 98, 2018.

M. Christ, N. Braun, J. Neuffer and A. W. Kempa-Liehr, “Time series Feature extraction on basis of scalable hypothesis tests (tsfresh – A Python package),” Neurocomputing, vol. 307, pp. 72–77, 2018.

J. Kim, Y. Shin and E. Choi, “An intrusion detection model based on a convolutional neural network,” Journal of Multimedia Information System, vol. 6, no. 4, pp. 165–172, 2019.

CSE-CIC-IDS2018 on AWS, https://www.unb.ca/cic/datasets/ids-2018.html

CICFlowMeter, https://www.unb.ca/cic/research/applications.html#CICFlowMeter

N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in Proc. 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, pp. 1–6, 2015.

Published

2021-08-26

Issue

Section

Advanced Practice in Web Engineering